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WHAT IS CLAIMED IS: 

1. A method of providing Resource -Event -Agent (REA) 
model based security, the method comprising: 

identifying an association between a first 
object and a second object in an REA model; 

creating an association class for the 
association between the first object and 
the second object, the association class 
defining security between the first object 
and the second object. 

2. The method of claim 1/ wherein creating the 
association class for the association between the 
first object and the second object further comprises 
creating an association class object having 
properties, the properties of the association class 
object defining the security between the first object 
and the second object. 

3. The method of claim 2, wherein creating the 
association class object further comprises creating 
one or more association class objects having 
properties, the properties of the one or more 
association class objects defining security between a 
first class of objects of which the first object is a 
member and a second class of objects of which the 
second object is a member. 

4. The method of claim 2, wherein the second object 
is a securable object. 
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5. The method of claim 4, wherein the first object 
is of a particular agent type, and wherein a role for 
a user is defined by the particular agent type for 
the first object . 

6. The method of claim 5, wherein the second object 
is a contract or agreement type object. 

7. The method of claim 5, wherein the second object 
is a commitment type object. 



8. The method of claim 5, 
is an event type object. 

9. The method of claim 5, 
is a resource type object. 

10. The method of claim 5, 
is an agent type object. 



wherein the second object 



wherein the second object 



wherein the second object 



11. The method of claim 5, wherein identifying the 
association between the first object and the second 
object further comprises identifying a control type 
association between the first object and the second 
object . 
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12. The method of claim 5, wherein identifying the 
association between the first object and the second 
object further comprises identifying a custody type 
association between the first object and the second 
object . 

13. The method of claim 5, wherein creating the 
association class for the association between the 
first object and the second object further comprises 
creating the association class in a security model. 

14. The method of claim 13, wherein creating the 
association class in the security model further 
comprises creating the association class in the 
security model separate from the REA model. 

15. The method of claim 13, wherein creating the 
association class in the security model further 
comprises creating the association class in the 
security model as part of the REA model. 

16. The method of claim 13, wherein defining 
security between the first object and the second 
object further comprises defining permissions and 
rights of the first object relative to the second 
object . 
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17. The method of claim 16, wherein defining 
permissions and rights of the first object relative 
to the second object further comprises dynamically 
determining the permissions and rights in a security 
policy logic module outside of the security model. 

18. A computer readable medium having computer- 
executable instructions for performing steps of a 
method of providing Resource -Event -Agent (REA) model 
based security, the steps comprising: 

identifying an association between a first 
object and a second object in an REA model; 

creating an association class for the 
association between the first object and 
the second object, the association class 
defining security between the first object 
and the second object. 

19. The computer readable medium of claim 18, 
wherein creating the association class for the 
association between the first object and the second 
object further comprises creating an association 
class object having properties, the properties of the 
association class object defining the security 
between the first object and the second object. 



20. The computer readable medium of claim 19, 
wherein creating the association class object further 
comprises creating one or more association class 
objects having properties, the properties of the one 
or more association class objects defining security 
between a first class of objects of which the first 
object is a member and a second class of objects of 
which the second object is a member. 

21. The computer readable medium of claim 19, 
wherein the first object is of a particular agent 
type, and wherein a role for a user is defined by the 
particular agent type for the first object. 

22. The computer readable medium of claim 21, 
wherein the second object is a contract or agreement 
type object. 

23. The computer readable medium of claim 21, 
wherein the second object is a commitment type 
object . 

24. The computer readable medium of claim 21, 
wherein the second object is an event type object. 

25. The computer readable medium of claim 21, 
wherein the second object is a resource type object. 
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26. The computer readable medium of claim 21, 
wherein the second object is an agent type object. 

27. The computer readable medium of claim 19, 
wherein identifying the association between the first 
object and the second object further comprises 
identifying a control type association between the 
first object and the second object. 

28. The computer readable medium of claim 19, 
wherein identifying the association between the first 
object and the second object further comprises 
identifying a custody type association between the 
first object and the second object. 

29. The computer readable medium of claim 19, 
wherein creating the association class for the 
association between the first object and the second 
object further comprises creating the association 
class in a security model. 

30. The computer readable medium of claim 29, 
wherein creating the association class in the 
security model further comprises creating the 
association class in the security model separate from 
the RE A model . 
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31. The computer readable medium of claim 29, 
wherein creating the association class in the 
security model further comprises creating the 
association class in the security model as part of 
the REA model . 

32. The computer readable medium of claim 29, 
wherein defining security between the first object 
and the second object further comprises defining 
permissions and rights of the first object relative 
to the second object. 

33. The computer readable medium of claim 32, 
wherein defining permissions and rights of the first 
object relative to the second object further 
comprises dynamically determining the permissions and 
rights in a security policy logic module outside of 
the security model . 

34. A system for providing security, the system 
comprising: 

a Resource -Event -Agent (REA) model configured to 
implement a first object, a second object, 
and an association between the first object 
and the second object; 

a security model configured to implement an 
association class for the association 
between the first object and the second 
object in the REA model, such that the 
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association class defines security between 
the first object and the second object. 

35. The system of claim 34, wherein the association 
class for the association between the first object 
and the second object further comprises an 
association class object having properties, the 
properties of the association class object defining 
the security between the first object and the second 
object . 

36. The system of claim 35, wherein the association 
class object further comprises one or more 
association class objects having properties, the 
properties of the one or more association class 
objects defining security between a first class of 
objects of which the first object is a member and a 
second class of objects of which the second object is 
a member. 

37. The system of claim 35, wherein the security 
model is separate from the REA model. 

38. The system of claim 35, wherein the security 
model is part of the REA model. 
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39. The system of claim 35, and further comprising a 
security policy logic module coupled to the security 
model and configured to dynamically determine 
permissions and rights of the first object relative 
to the second object. 



